Privacy
At Substash, we’re committed to protecting your privacy. This privacy policy explains how we collect, use, and safeguard your information when you use our subscription tracking browser extension, available for Chrome, Brave, Edge, Opera, Vivaldi, and other Chromium-based browsers.
Data controller information
Substash is operated by Chris Lim, who is the data controller responsible for your personal information. Substash is developed as an independent project.
Types of personal data we collect
Identity data:
- Email address for OTP authentication
- Unique user identifier for account management
Subscription data:
- Subscription names, costs, and billing cycles you choose to track
- Trial periods and renewal dates you enter
- Notes and categories you assign to subscriptions
Technical data:
- Extension version and browser type for compatibility
- Basic usage analytics (feature usage patterns, anonymized)
- Error logs for debugging purposes (no personal data included)
- Performance metrics to optimize the extension
Legal basis for data processing
We process your personal data based on:
- Consent: You provide explicit consent when signing up and using our service
- Contractual obligations: Processing necessary to provide the subscription tracking service
- Legitimate interest: Improving our service through anonymous analytics
How we use your data
- Provide and maintain the subscription tracking service
- Sync your subscription data across devices
- Send notifications about upcoming renewals (if enabled)
- Improve the extension based on usage patterns
- Provide customer support and respond to inquiries
Data sharing and third parties
We only share your data with essential service providers:
- Supabase: For secure email/OTP authentication, data storage and synchronization
- DuckDuckGo: For fetching brand favicons via user-provided website URLs
We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.
Your rights
You have the following rights regarding your personal data:
- Right to access: Request a copy of your personal data
- Right to rectification: Correct any inaccurate or incomplete data
- Right to erasure: Delete your account and all associated data
- Right to object: Object to certain types of data processing
- Data portability: Export your subscription data in a portable format
- Right to withdraw consent: Withdraw consent at any time
Data security
We implement appropriate security measures to protect your data:
- Data encryption in transit and at rest
- Secure email-based authentication with one-time passwords
- Regular security updates and monitoring
- Limited access to personal data on a need-to-know basis
Data retention
We retain your data only as long as necessary to provide our service. You can delete your account and all associated data at any time through the extension settings. Deleted data is permanently removed from our systems within 30 days.
Service evolution
Substash is currently free while in active development. A future “Supporter” tier may be introduced with optional premium features, but a free tier will always remain available. Any changes to our service model will be communicated well in advance with existing users.
We’re also working to expand browser support, with Firefox support planned for the future in addition to our current Chromium-based browser compatibility.
Children’s privacy
Substash is not intended for use by children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.
Changes to this privacy policy
We may update this Privacy Policy from time to time. We’ll notify users of any significant changes through the extension or our website. We encourage you to review this policy periodically.
Contact us
If you have questions about this Privacy Policy or want to exercise your rights, please email [email protected].